I am trying to create credentials via the REST API using Postman.
I send the POST request to this domain:
http://localhost:8080/credentials/store/system/domain/_/createCredentials
I've added an API key as authentication, created a crumb via the API (see the request below) and added it too.
```python
import requests

# Ask the crumb issuer for a CSRF crumb, authenticating as admin
r = requests.get('http://localhost:8080/crumbIssuer/api/json', auth=('admin', 'admin'))
crumb = r.json().get('crumb')
```
Nonetheless, it doesn't work and I get this error page:
```html
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<title>Error 403 No valid crumb was included in the request</title>
</head>
<body>
<h2>HTTP ERROR 403 No valid crumb was included in the request</h2>
<table>
<tr>
<th>URI:</th>
<td>/credentials/store/system/domain/_/createCredentials</td>
</tr>
<tr>
<th>STATUS:</th>
<td>403</td>
</tr>
<tr>
<th>MESSAGE:</th>
<td>No valid crumb was included in the request</td>
</tr>
<tr>
<th>SERVLET:</th>
<td>Stapler</td>
</tr>
</table>
<hr><a href="https://eclipse.org/jetty">Powered by Jetty:// 9.4.43.v20210629</a>
<hr />
</body>
</html>
```
I've found the problem. On the Jenkins website about CSRF Protection it says:
The Default Crumb Issuer encodes the following information in the hash used as crumb:
- The user name that the crumb was generated for
- The web session ID that the crumb was generated in
- The IP address of the user that the crumb was generated for
- A salt unique to this Jenkins instance
I created the crumb via Python in a Jupyter notebook. The POST request on the other hand was made using Postman. So the data which was hashed in the crumb didn't match.
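The mismatch described above, reproduced as an added example (not code from the post or from Jenkins): a constructed local mock server derives a crumb from user, session ID, client IP and a salt, and two separate cookie jars stand in for the notebook and Postman. The SHA-256 construction, `SALT`, the fixed `admin` user and all function and class names are assumptions for illustration.

```python
import hashlib, http.cookiejar, json, threading, urllib.error, urllib.request, uuid
from http.server import BaseHTTPRequestHandler, HTTPServer

SALT = "constructed-instance-salt"  # assumption: stands in for the per-instance salt
CREATE = "/credentials/store/system/domain/_/createCredentials"

def make_crumb(user, session_id, ip):
    # Hash over the inputs the quoted docs list: user, session ID, client IP, salt.
    return hashlib.sha256(f"{user}:{session_id}:{ip}:{SALT}".encode()).hexdigest()

class MockServer(BaseHTTPRequestHandler):  # constructed stand-in, not Jenkins code
    def log_message(self, *args):  # silence per-request logging
        pass
    def _handle(self):
        cookie = self.headers.get("Cookie", "")
        known = cookie.startswith("JSESSIONID=")
        sid = cookie.split("=", 1)[1] if known else uuid.uuid4().hex
        crumb = make_crumb("admin", sid, self.client_address[0])
        ok = self.command == "GET" or self.headers.get("Jenkins-Crumb") == crumb
        self.send_response(200 if ok else 403)
        if not known:  # no session cookie sent: start a new web session
            self.send_header("Set-Cookie", f"JSESSIONID={sid}; Path=/")
        self.end_headers()
        issued = {"crumbRequestField": "Jenkins-Crumb", "crumb": crumb}
        self.wfile.write(json.dumps(issued if self.command == "GET" else {"ok": ok}).encode())
    do_GET = do_POST = _handle

def new_client():
    # Each client gets its own cookie jar, i.e. its own web session; proxies are disabled.
    jar = urllib.request.HTTPCookieProcessor(http.cookiejar.CookieJar())
    return urllib.request.build_opener(jar, urllib.request.ProxyHandler({}))

def post_with_crumb(client, base, issued):
    headers = {issued["crumbRequestField"]: issued["crumb"]}
    req = urllib.request.Request(base + CREATE, data=b"", headers=headers)
    try:
        return client.open(req).status
    except urllib.error.HTTPError as err:
        return err.code

def demo():
    server = HTTPServer(("127.0.0.1", 0), MockServer)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    notebook, postman = new_client(), new_client()
    issued = json.load(notebook.open(base + "/crumbIssuer/api/json"))
    codes = post_with_crumb(notebook, base, issued), post_with_crumb(postman, base, issued)
    server.shutdown()
    server.server_close()
    return codes  # (client that fetched the crumb, client with a different session)
```

`demo()` returns `(200, 403)`: the client that fetched the crumb and kept its session cookie is accepted, while the second client presents the same crumb under a new session and is rejected. The practical fix is to fetch the crumb and send the POST from one client that retains the session cookie.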